Exploit Kits Out, Loaders and Macros Back in

During 2016, we witnessed the collapse of three major exploit kits that were previously used for massive malware delivery: Nuclear (first), Angler and then Neutrino (later). Along with other more private EKs (such as Magnitude), they caused major damage in previous years and served as infection vectors for many malicious malware-distributing campaigns. Continue reading “Exploit Kits Out, Loaders and Macros Back in”

EclecticIQ Partners with SenseCy to Bring Leading Cyber Threat Intelligence Technology to the Israeli Cyber Community

We are very proud to announce our partnership with EclecticIQ, the industry-leading builder of analyst-centric technologies that turn cyber threat intelligence into business value.

In the partnership, SenseCy will deliver its unique cyber intelligence Continue reading “EclecticIQ Partners with SenseCy to Bring Leading Cyber Threat Intelligence Technology to the Israeli Cyber Community”

The Shade (Troldesh) Ransomware: One More Soldier in the Army of Encryption Miscreants

Written by Mickael S. and Tanya K.

Last week, SenseCy analysts happened upon a new sample of Shade ransomware, also known as Troldesh, which uses a no_more_ransom extension for encrypted files. This ransomware is far from famous, lacking the glorious Continue reading “The Shade (Troldesh) Ransomware: One More Soldier in the Army of Encryption Miscreants”

Insider Threats – Sometimes it is your Colleagues, and not Remote Attackers

Insiders pose the most substantial threat to organizations everywhere, a recent across-the-board study conducted by IBM demonstrates. Although in the majority of the cases, the insider is an employee of the company, he could also be a third party, such as an external contractor, a consultant or a business partner. An insider generally has all the Continue reading “Insider Threats – Sometimes it is your Colleagues, and not Remote Attackers”

Jihadi Cybercrime (Increasing Interest in Spam and Phishing Methods on Closed Islamic State Platforms)

While monitoring closed platforms that propagate an Islamic State agenda, we detected an initial interest in hacking lessons, focusing on spam and phishing methods. Many discussions in the technical sections of closed platforms affiliated with the Islamic State deal with the implementation of Continue reading “Jihadi Cybercrime (Increasing Interest in Spam and Phishing Methods on Closed Islamic State Platforms)”

Anonymous Italia Robs the Police (Again)

On October 12, 2016, Anonymous Italia launched a cyber offensive against the Polizia Penitenziaria (the Italian penitentiary police) to protest against the “unjust” acquittal of all those involved in the trial of Stefano Cucchi’s, a young Italian citizen who died in 2009 under still unclear circumstances a week after being remanded in custody by the Italian police for alleged drug dealing. Continue reading “Anonymous Italia Robs the Police (Again)”

Anna-senpai – Analysis of the Threat Actor behind the Leak of Mirai

The Mirai IoT Botnet has made a lot of headlines in recent weeks. While the botnet itself was analyzed and discussed by a number of security researchers and companies, none addressed the threat actor behind the recent attacks and the leak of Mirai source code. Such an analysis can provide useful insights into Continue reading “Anna-senpai – Analysis of the Threat Actor behind the Leak of Mirai”

Office 365 Administrator Accounts Traded on the Darknet

In early September 2016, a new advertisement appeared on various Darknet platforms, promoting a new hidden service. The service, dubbed Open Hacking Lab (OHL), offers three categories of products: hacking tools and resources, hacked credentials and services. While numerous hidden services on the Darknet sell hacked credentials, this is the first time we have observed the sale of administrator credentials for Office 365 accounts.

hacking-lab
Screenshot of the Open Hacking Lab platform

Microsoft Office 365 is a software package that includes cloud services, sold to corporates and private customers. The organizational package includes email, storage, social network, SharePoint and other services provided via cloud. Acquiring administrator’s access to organization that use Office 365 will provide a potential attacker with access to sensitive organizational information and may even lead to the threat actor gaining full control over the organization network.

Currently, 12 accounts are being offered for sale, with prices ranging from $15 for a logistics company account to $100 for a law firm. For each company, the seller provides a short description of the company, its country of origin, and which data the buyer will gain access to. Eight of these companies are based in the U.S., two in Europe and two in Canada.

office-365-darknet
Office 365 accounts for sale on a Darknet platform

The operator of the hidden service is a well-known actor in several communities on the Darknet; he is considered credible and he possesses high technical skills. The hidden service owner also runs a Twitter account dedicated to the service, where he updates about the platform and its products.

#OpClosedMedia: Hacktivists Threaten to Target the Media Sector on September 22, 2016

Hacktivists are threatening to launch #OpClosedMedia, a month-long cyber campaign against websites and platforms of “mainstream media,” on September 22, 2016, for failing to inform the public about the real news.

The campaign’s official target list includes the websites of the BBC, The Daily Mail, The Independent, Reuters, Channel One (Russia) and others.

opclosedmedia
#OpClosedMedia – September 22, 2016

Thus far, participants have claimed responsibility for hacking several websites related to the media sector from around the world, but they also claimed to have hacked other websites with a loose connection to this sector.

Calls to launch attacks against media outlets on September 22, 2016
Calls to launch attacks against media outlets on September 22, 2016

This is not the first time that the media sector has been targeted by hacktivists. In June 2016, the Ghost Squad Hackers group launched the #OpSilence campaign against prominent news agencies, such as Fox News and CNN, protesting against what they called the “silence and lies” regarding the Palestinian situation. However, it seems that the Ghost Squad Hackers are not involved in this campaign.

In conclusion, popular news platforms and the media sector in general are targeted by hacktivists who wish to shut them down. Only time will tell if they will succeed or not.